Confidentiality and Impartiality Policy

This instruction covers suspension procedures through withdrawal or cancellation of the certification certificate and revision of the register of approved firms.

All information received by or available to SAV Advisory staff, sub-contractors, or committee members, in any format, during audit activities, other certification
activities, or any dealings with an organization for any reason, shall be considered strictly confidential. This information shall not be disclosed to any third party (unless specified in ISO/IEC 17021-1:2015) without the express permission of the concerned organization or individual. This confidentiality requirement also extends to any organization with a legitimate right to audit or evaluate SAV Advisory.

Where SAV Advisory is required by law to release confidential information to a third party, the client or individual concerned shall, unless regulated by law, be notified in advance of the information provided.

However, where the organization is seen to be operating contrary to legal requirements or has operating practices which pose a danger to staff, customers, or the environment, SAV Advisory reserves the right to immediately report any such incident to the relevant authority. Any such reporting will only be undertaken with the permission of top management.

All records at SAV Advisory will be retained in a secure manner, only accessible to authorized staff via either paper records or password-controlled electronic records. Sub-contractors will be limited to accessing information produced by them in conducting an Audit. Records will only be made available to organizations that can demonstrate a legitimate (and legal) right to view those records and specifically to Accreditation Bodies.

All staff, Sub-Contractors, CEOs, and Committee Members will be required to agree to SAV Advisory’s confidentiality policy and sign a confidentiality agreement. Sub-contractors will also sign an agreement that also contains the responsibility to maintain confidentiality.

SAV Advisory Inc. is the legal entity responsible for certification activities; reference to SAV Advisory in this Policy and Public Statement refers to these legal entities.

SAV Advisory, its managers, Staff, and Subcontractors fully understand the importance of impartiality in undertaking its Certification Activities. SAV Advisory will therefore ensure that in all its dealings with clients or potential clients, all employees or other personnel are and will remain impartial. To ensure that impartiality is both maintained and can be demonstrated, the following principles have been established.

SAV Advisory Certificates are only issued following a review by an independent, authorized, and competent member of the management team (who has not been involved in the Audit) to ensure that no interest shall predominate. SAV Advisory generally does not offer (and has never offered) consultancy or any other form of consultancy to companies or individuals. Prior to such services, an assessment of conflicts of interest is performed and approved by the CEO.

SAV Advisory does not offer (and has never offered) an internal audit service to its certified clients.

SAV Advisory does not own or have any interest (financial or otherwise) in any other company that offers certification services.

SAV Advisory does not have (and will not form) any relationships with companies that offer consultancy or other services that can be construed as having an impact on the certification services provided by the company. Any proposed relationship between the company and any other company will undergo a risk assessment by the Committee for Impartiality before that relationship is formalized. Any current relationships with companies, organizations, and individuals will be risk assessed regularly to ensure that the relationship does not impact the impartiality of the certification process.

Individuals employed by or otherwise contracted to SAV Advisory are required to document and record their current and past relationships with all companies. Any situation, past or present, which may present a potential conflict of interest is required by SAV Advisory to be declared. SAV Advisory will use the information to identify any threats to impartiality and will not use that individual in any capacity unless they can demonstrate that there is no conflict of interest.

SAV Advisory will not assign a staff member or subcontractor to an audit if a past relationship with the organization has existed. However, at the discretion of
the Technical Manager or Directors, an individual or subcontractor may be assigned to an audit if there was a past relationship, provided that there has been no relationship for at least 2 years.

SAV Advisory does not and will not offer any commission, (‘finder’s fees’ or other inducements) to any individual or company in respect of referrals of clients unless:

  • The terms and conditions of any such referral are clearly established and can be demonstrated, and it can also be demonstrated that the fee is for a referral and the fact that a commission has been paid will in no way affect the outcome of an audit.
  • A risk assessment (to establish the potential for an unacceptable threat to impartiality) has been carried out on the process through which any such payment is made to an individual or organization (normally a consultant) requesting the commission for referrals.
  • All such payments are documented, recorded, and traceable and accompanied by a purchase order and invoice.

 

SAV Advisory does not offer specific training to any company in respect of implementing a particular standard for that company. Any training offered by SAV Advisory is general in nature and available to all companies or individuals who wish to attend.

SAV Advisory will ensure that it is not linked or marketed in any way which links it with the activities of a management system consultancy and will take appropriate action should any such link be identified.

Auditors and others involved in the certification process are not and will not be put under any pressure and will not be influenced in any way to come to a particular conclusion regarding the result of an audit.

SAV Advisory’s Impartiality Norms:

  • No outsourcing of Auditors to Consultancy Organizations.
  • No Referral Fees to be paid to Consultancy Organizations.
  • Facts-based communication to Clients/ Consultancy Organizations.
  • Adherence to all Accreditation and other Company Policies.
  • SAV Advisory shall not carry out any other conflicting services other than its core business of Certification.
  • SAV Advisory shall not employ any professional conflicting with its ethical policies.
  • SAV Advisory shall not allow any of its Auditors to market the services and conduct internal audits or other Audits for the same client.
  • SAV Advisory shall not allow any of its Auditors to carry out financial transactions with clients/ consultants.
  • SAV Advisory shall not carry out business with any consultant inducing pressures to compromise impartiality.
  • All employees of SAV Advisory shall disclose any situation impairing business ethics.
  • SAV Advisory shall not allow any of its Auditors to conduct audits for the client at least for 2 years from the date of relinquishment from their services for the client.
  • SAV Advisory shall not allow any Auditor to compromise on the Audit timing as required as per the accreditation/ SAV Advisory.
  • SAV Advisory shall not allow any Auditors to conduct the audit for the client for which it has not been approved for.
  • SAV Advisory shall maintain transparency with regard to all information.
  • Auditors shall divulge any confidential information of the client to any third party without written consent from the client and approval by (Manager).
  • No Auditors shall carry any client information with them after the usage period. All client information shall be returned after usage.
  • Utmost care/ verification to be carried out for granting the right scope of certification.
  • Any unethical practice observed should be notified to the management at the earliest.
  • SAV Advisory shall not allow any of its Auditors to accept any gifts from clients/ consultants.
  • SAV Advisory shall not allow any Auditors to conduct audits for the organization where any of its family members/ close relatives are involved in a decision-making position.
  • Disciplinary actions for non-adhering to impartiality policies shall be taken by the Management in consultation with the Impartiality Committee.

 

To supplement in-house resources, SAV Advisory employs Associate (subcontract) Auditors and sometimes has working relationships with overseas business managers. At no stage does SAV Advisory outsource its audits to consultancy organizations, outsource its certification decisions, or link its marketing activities with consultancy. SAV Advisory retains full control of all decision-making processes regarding granting, maintaining, renewing, extending, reducing, suspending, or withdrawing certification.

SAV Advisory recognizes that the source of revenue for a certification body is the client paying for certification, and that this is a potential threat to impartiality. Therefore, SAV Advisory is a self-financed independent organization, with a number of controls to ensure that impartiality is retained. To obtain and maintain confidence, it is essential that SAV Advisory’s certification decisions are based on objective evidence of conformity or nonconformity, and that any decisions made are not influenced by other interests or by other parties. Certification decisions are made and signed for by a competent Scheme Manager who was not responsible for the Audit and was not a member of the Audit team. SAV Advisory recognizes that threats to impartiality include the following:

  • Self–interest threats arising from a person or body acting in their own interest.
  • Self–review threats arising from a person reviewing the work that they have conducted themselves.
  • Familiarity (or trust) threats arising from a person becoming too familiar with or too trusting of another, instead of seeking audit evidence.
  • Intimidation threats arising from a person having a perception of being coerced openly or secretively, such as a threat to be replaced or reported to a supervisor.

 

SAV Advisory, its Top management, Managers, Staff, and others involved in the Certification of Management System fully understand the importance of impartiality in undertaking its Certification Activities.

The company will therefore ensure that in its dealings with clients or potential clients, all employees or other personnel involved in Certification Activities are, and will remain, impartial.

To ensure that impartiality is both maintained and can be demonstrated, SAV Advisory has identified and risk assessed all relationships which may result in a conflict of interest or pose a threat to impartiality. Based on the assessment, nothing has come to SAV Advisory Inc.’s attention that may require additional mitigation.

 

SAV Advisory is on your Side

By partnering with SAV Advisory, you gain access to a team of experts dedicated to ensuring your business’s cyber health and compliance, allowing you to focus on achieving your business objectives.